As of today, about half of all U.S. states have some form of age verification law around. Nine of those were passed in 2025 alone, covering everything from adult content sites to social media platforms to app stores.
Right now, California’s Digital Age Assurance Act (AB 1043) is all the rage right now, which targets not only websites and apps but also operating systems. Come January 1, 2027, every OS provider must collect a user’s age at account setup and provide that data to app developers via a real-time API.
Colorado is also working on a near-identical bill, which we covered earlier.
The EFF’s year-end review put it more bluntly: 2025 was “the year states chose surveillance over safety.” The foundation’s concern, which I concur with, is, where does this stop? Self-reported birthday today, government ID tomorrow? There appears to be no limit to these laws’ overreach.
You’re not overlooking anything. You hit the nail on the head, these laws are about surveillance and censorship and that’s why they’re being implemented in the worst and least privacy respecting way possible. The next step is to make sure it’s impossible to circumvent by enforcing locked bootloaders and secure boot. Phones are 90% of the way there already and it probably wouldn’t be too hard for them to fuck up the desktop/laptop side of things either.